Epp Maaten: cybersecurity is not a project, it is a constant process we should maintain
The project “Improving Cybersecurity Competences in the Ukrainian public sector” summed up its results in the final event held on 17 June in Kyiv. The event featured speakers from the Ministry of Digital Transformation of Ukraine, the State Service of Special Communications and Information Protection of Ukraine, embassies of the United States and Estonia in Ukraine, and the Information System Authority of Estonia.
Photo: Nathan Ringger, Deputy Economic Counselor of the United States Embassy in Ukraine
According to the project manager Epp Maaten, the risk of security incidents is growing together with the increased use of digital channels during the pandemic as people are working more remotely. “Cyber risks can only be reduced by implementing and consistently managing a set of actions. Hence, cybersecurity is not a project, it is a constant process we should maintain,” Epp Maaten said at the final event.
Photo: Epp Maaten
During the last year, the e-Governance Academy in cooperation with the Ministry of Digital Transformation of Ukraine carried out activities to improve the cybersecurity competencies of Ukrainian public sector organisations. The focus of the activities was on increasing the capacity to assess the security of the information systems of Ukrainian authorities and to establish the necessary procedures for security testing.
According to Oleksii Vyskub, First Deputy Minister of Digital Transformation of Ukraine, ensuring an adequate level of cybersecurity for government digital services is a critical issue as digitalisation is one of the main priorities of Ukraine. “As part of the joint cyber project, we have developed a suitable methodology, which has already formed the basis of the draft resolution of the Cabinet of Ministers for the legalisation of such tests in the state information systems of Ukraine. This is an important step in modernising the state’s approach to the cybersecurity of public resources,” Vyskub said.
Photo: Viktor Zhora, Deputy Head of the State Service of Special Communications and Information Protection of Ukraine on Digital Development
The project piloted penetration testing of the DIIA mobile app of online public services and the state portal of building and construction. Both test objects are very important systems, as they ensure safe and reliable access to e-services for citizens and businesses of Ukraine. The tests were conducted by FS Group Development Ltd.
The project also developed best practice guidelines for planning and conducting information security testing and red teaming. The guidelines cover the fundamental principles of planning, managing, executing, and reporting on full-spectrum penetration testing and cyber red teaming activities. They were written with security managers and penetration testing team leaders in mind, while also considering technical team members.
Based on the guidelines, in-depth training materials on penetration testing were developed for the main actors of the national cybersecurity system of Ukraine. In May and June 2020, three training courses for 35 security managers were conducted. The training courses focused on various aspects of penetration testing and red teaming through solving practical tasks and prototyping attacks in a fully immersed hands-on approach. The guidelines and training materials were developed and the training was conducted by SecTeam Ltd.
The project “Cyber Security Readiness in Ukrainian Public Authorities” was supported by the Embassy of the United States of America in Ukraine and Estonian Ministry of Foreign Affairs.